Angel Pons has uploaded this change for review.
dummyflasher.c: Prevent use-after-free bug
The memory for the `status` string is aliased by the `endptr` pointer.
Moreover, `errno` could have been modified by the call to `free()`.
Therefore, only free the former when there are no more uses of either.
Change-Id: I1b56834004fe18918213a7df0a09a8a7ecb56985
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
---
M dummyflasher.c
1 file changed, 2 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/flashrom refs/changes/09/54909/1
diff --git a/dummyflasher.c b/dummyflasher.c
index 78f3837..5109483 100644
--- a/dummyflasher.c
+++ b/dummyflasher.c
@@ -973,12 +973,13 @@
char *endptr;
errno = 0;
data->emu_status = strtoul(status, &endptr, 0);
- free(status);
if (errno != 0 || status == endptr) {
+ free(status);
msg_perr("Error: initial status register specified, "
"but the value could not be converted.\n");
return 1;
}
+ free(status);
msg_pdbg("Initial status register is set to 0x%02x.\n",
data->emu_status);
}
To view, visit change 54909. To unsubscribe, or for help writing mail filters, visit settings.